Microsoft and Google announced SHA-1 deprecation plans that affect websites with SHA-1 certificates expiring as early as after December 31, 2015. Due to which our all SSL provider is changing certificate encryption from SHA1 to SHA256 for new upcoming new certificate. This changes was done because the SHA-1 cryptographic hash algorithm has been known to be considerably weaker than it was designed to be since at least 2005 — 10 years ago. i.e. SHA256 is stronger than SHA-1. For detail information view this Chrome blog http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.htmlAt present your site might be bind with SHA1 encryption method but when you will renew your certificate then it will automatically be issued with SHA256 i.e. higher bit of encryption, stronger one.Once it is renewed your site will not be accessible form IE of Computer with XP Service Pack 2 because encryption is changed to SHA256 which cannot be recognize form IE of OS Windows XP system with Service Pack 2 as it is advance level of encryption method.If your agent with System (Computer) Windows XP Service Pack 2, then they will not able to browse website to pay the transaction

Now we have 2 option to resolve this issue1. Request agents to update their Windows XP Service Pack 2 to Windows XP Service Pack 3 and use higher level of encrypted certificate. i.e. SHA256. Tutorial to update Service pack https://www.youtube.com/watch?v=HYd-oZxPdX02. Downgrade the certificate encryption form SHA256 to SHA-1 i.e. lower bit of encryption. We can do this by reissuing certificate by SHA1 which may take few more days to complete the process

Note: once certificate is issued form sha1 encryption your website will be display yellow color triangular sign telling that this site is not completely secure.Regards